Help with NFS public

rthorntn · May 17, 2016, 9:11am

Hi

Please help.

I created a ZFS pool on Solaris 11.3 (thunder) and shared it using NFS (storage).

But when I connect from my Mac without credentials I can't write to the shareI assume I have to make the share public but can't figure out the syntaxplease help.

Also the pool is for media I don't need synchronous writes (or ZIL) can I disable sync writes?

Thanks.

Richard

vbe · May 17, 2016, 9:26am

NFS is (almost..) just like any other file system from a user point of vue, so unix perms apply,
From your mac without credentials works the same as anyone arriving being anonimous:anonimous ... unless the perms are read-write to all ( taht means other...) then at the best you can read only, of course that is if you havent exported your file system as read-only...

rthorntn · May 18, 2016, 3:12am

Thanks. I used chmod to enable permissions and inheritance for everyone but now when I mount on Mac OS 10.11.5 and try to copy a file to the NFS shareit puts an empty file there and locks up the computer...

Please assist.

Richard

vbe · May 18, 2016, 4:43am

Have you looked in the logs? Remember also even with directory set to 777 external privileged account are nor admitted to write unless you have configured so... Only I have no solaris just now to see...
When you say connect without credentials what do you mean?
On my mac when I needed copies and transfer scripts to a HP-UX server I created an account the unix traditional way - not using Mac GUI interface, and so that user is not seen as so when booting or from the GUI login screen, but works when I open a terminal and do a su - then I configured my mac to have a fix address on that lan and updated both boxes /etc/hosts, the user I created on my mac I gave the same UID I use on the HP.... ( only that HP is no more here so could see its config either...)
All worked well after... but from that terminal... I have no idea what would happen using GUI...

hicksd8 · May 18, 2016, 7:40am

I know little about Mac but I suggest that you open up security to force it to work and then tighten things up security wise afterwards.

So, as vbe has already said, setting access rights to 777 is a good start to see if that works. Also, ensure zfs is set to share the pool read-write to the host(s) you require. You can explicitly give any host read-write, read-only, or root access like these examples:

# zfs set sharenfs=rw=host1:host2,ro=host3 pool

# zfs set sharenfs=rw=host1:host2,root=host1,ro=host3 pool

The latter gives host1 explicit root access (which will override most security and therefore could be deadly in the wrong hands) but you could turn that on just to see if it makes it work.

Another thought is to research what nfs version each machine is using. nfs can be version 2, 3 or 4 and a mismatch across a link can cause strange results. If one machine has a version higher than the other then be specific on the nfs mount command line which version to use. Search these forums for plenty of examples on how to do that.

rthorntn · May 19, 2016, 1:55am

Thanks everyone!

OK, I have the NFS connection stable, I used NFSManager app on Mac to mount NFSv4 - IPv4 - TCP.

BUT... when I create directories through NFS I get the expected (inheritance) result but files don't:

root@solaris:/# ls -V /storage
total 17
drwxrwxrwx+  3 501      games          5 May 19 12:50 test1
                 owner@:rwxpdDaARWcCos:fd----I:allow
                 group@:rwxpdDaARWcCos:fd----I:allow
              everyone@:rwxpdDaARWcCos:fd----I:allow

root@solaris:/# ls -V /storage/test1/
total 26
drwxrwxrwx+  2 501      games          2 May 19 12:50 testy
                 owner@:rwxpdDaARWcCos:fd----I:allow
                 group@:rwxpdDaARWcCos:fd----I:allow
              everyone@:rwxpdDaARWcCos:fd----I:allow
-rw-r--r--   1 501      games         10 May 19 11:31 Untitled.txt
                 owner@:rw-p--aARWcCos:-------:allow
                 group@:r-----a-R-c--s:-------:allow
              everyone@:r-----a-R-c--s:-------:allow

root@solaris:/# ls -V /storage/test1/testy/
total 9
-rw-r--r--   1 501      games         35 May 19  2016 Untitled 3.txt
                 owner@:rw-p--aARWcCos:-------:allow
                 group@:r-----a-R-c--s:-------:allow
              everyone@:r-----a-R-c--s:-------:allow

Any ideas?

---------- Post updated at 03:49 PM ---------- Previous update was at 01:05 PM ----------

I can see whats going on, if I "touch" a file in Solaris, I get the ACL's I want:

-rwxrwxrwx+  1 root     root           0 May 19 15:14 me
                 owner@:rwxpdDaARWcCos:------I:allow
                 group@:rwxpdDaARWcCos:------I:allow
              everyone@:rwxpdDaARWcCos:------I:allow

But the Mac NFS client is not supporting ACL's:

root@solaris:/storage/test1/testy# ls -l
total 131
-rwxrwxrwx+  1 root     root           0 May 19 15:14 me
-rw-r--r--   1 501      games         35 May 19 13:00 Untitled 3.txt

I set "Enable ACL's" in NFSManager but it doesn't seem to make any difference.

Please help.

---------- Post updated at 03:55 PM ---------- Previous update was at 03:49 PM ----------

Actually, I think I have fixed it, enabling (and enforcing) ACL's and ignoring mode attributes seems to have done the trick.

hicksd8 · May 19, 2016, 5:53am

@rthorntn.........thank you for the update/solution and welcome to the forum. It's great when members can take the pointers we give and do their own investigation instead of just expecting answers on a plate. Do please add any further information/questions on this issue as it helps future readability and usefulness for others.